how can i mask the middle line of a pem key in bash script

问题

how can I mask the middle lines of a PEM key in bash script

I need to echo my pem key with mask(*) the middle lines through a bash script

for example:-

-----BEGIN CERTIFICATE-----
MIICyjCCAbICCQDrpZYh8et7yTANBgkqhkiG9w0BAQsFADAnMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMB4XDTE4MTExMjIwNDEwNVoXDTE4
MTIxMjIwNDEwNVowJzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQH
DAJTRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnIdgpml8+xk+Oj
1RGMCyJ1P15RiM6rdtszT+DFBg893Lqsjoyd5YgwELLz0Ux8nviG4L5OXOujEpAP
2cQBxTSLQjBELBZY9q0Qky3+2ewqV6lSfcXrcf/JuDJGR5K8HSqwNG35R3WGnZ+O
JhY0Dmx06IAs/FF8gP88zTQ8M7zuaThkF8MaF4sWPf6+texQwjzk4rewknGBFzar
9wFxVwNCyDD6ewIYPtgDxdJ1bwBVoX3KKKXm8GStl/Zva0aEtbSq/161J4VbTro2
dxArMPKzxjD6NLyF59UNs7vbzyfiw/Wq7BJzU7Kued5KdGt0bEiyWZYO+EvvxGmE
1pHfqysCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAavj4CA+7XFVHbwYMbK3c9tN/
73hkMvkAZWix5bfmOo0cNRuCeJnRIX+o6DmusIc8eXJJJV/20+zoSvUwlsLDPXoN
+c41GfIiEUSaSdSBtETMy8oPga718nIwAvNgYiUHXnV3B0nLYBUpYSnsD00/6VXG
xZUIEVBd7Ib5aRwmK8U5drxoWaBoG5qdvH9iapwTrCcPsRjsLBq7Iza2oBORGlfF
CjqiW2+KJzwRiTQj70yceniGVHM+VSpFYCLJ0mXeyLfITy7joqxr4AGYz+EhpLuf
iDpYDNYlr0JDVQqogskWjrnWOh0YcIJKgVtiTh2HDM5TdQgeXg4wv5IqLok0Tw==
-----END CERTIFICATE-----

as

-----BEGIN CERTIFICATE-----
MIICyjCCAbICCQDrpZYh8et7yTANBgkqhkiG9w0BAQsFADAnMQswCQYDVQQGEwJV
****************************************************************
iDpYDNYlr0JDVQqogskWjrnWOh0YcIJKgVtiTh2HDM5TdQgeXg4wv5IqLok0Tw==
-----END CERTIFICATE-----

I tried with awk but it failed:

awk 'BEGIN{FS=OFS=""} {for(i=2;i<='15';i++) $i="*"}1'

回答1:

This might work for you (GNU sed):

sed -n '1p;1n;2p;2s/./*/gp;$!N;$!D;p' file

Turn off implicit printing by using the -n option.

Print the first and second lines, then replace every character of the second line by *'s and print that too.

Make a window of two lines throughout the remainder of the file and print it on the last line.

On reflection, a shorter solution:

sed 'N;2p;4s/\S/*/g;4P;$!D' file

does the same as the first solution but perhaps more cryptically.

回答2:

Scenario 1: 17-line PEM file

It looks like your file has a fixed amount of lines and you want to replace all lines from the third till the fifteenth one.

You may solve it with sed:

sed -e '3,15d' pemfile | sed -e  "3 i\\$(printf '*%.0s' {1..64})" > newpemfile

NOTES:

• sed -e '3,15d' pemfile - removes lines from the third through the fifteenth
• sed -e "3 i\\$(printf '*%.0s' {1..64})" > newpemfile - adds a 64-asterisk line as the third line and saves the file as newpemfile.

Scenario 2: Replace all lines but the first/last between two delimiter lines with a line with hardcoded number of asterisks

If your problem is replacing the lines between two delimiters you may use GNU sed solution like

sed -E "/^-+BEGIN CERTIFICATE-+$/{
    n;n;
    :a; N; /\n-+END CERTIFICATE-+$/!ba; s/.*(\n.*\n)/$(printf '*%.0s' {1..64})\1/;
}" pemfile

See this online sed demo

Here,

• /^-+BEGIN CERTIFICATE-+$/{ - matches a line like ---BEGIN CERTIFICATE---- and if found, the block commands are executed:
  • n;n; - read two lines, the last is in the pattern space
  • :a; N; /\n-+END CERTIFICATE-+$/!ba; - read all lines up to a line like ---END CERTIFICATE--- appending with newlines to the pattern space
  • s/.*(\n.*\n)/$(printf '*%.0s' {1..64})\1/; - replace the whole pattern space text with 64 asterisks and the last two lines (we remove all lines up to the last two here) }`

回答3:

I highly suggest using @WiktorStribizew's anser if the file is actually a fixed 16 lines long.

If it can vary (keys might have more or less bits), the simple way is to combine head and tail:

head -n2 key.pem ; echo 'XXXXXXX' ; tail -n2 key.pem

But if you're looking for a single command, take a look at this answer form a different question: https://stackoverflow.com/a/48002163/2284641

回答4:

Here is what I did find work on our pem files

awk '/-----BEGIN/ {f=2} f-->0; /-----END/' etc/auth/server.pem
-----BEGIN CERTIFICATE-----
MIID8jCCAhoCCQDGQsEmfeBvJTANBgkqhkiG6w0BAQsFADB/MQswCQYDVQQGEwJV
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIF8jBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG6w0BBQwwDgQIpS+A9Ql+5uUCAggA
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MII8ejCCAmICCQCNHBN8tj/FwzANBgkqhkiG6w0BAQsFADB/MQswCQYDVQQGEwJV
-----END CERTIFICATE-----

It prints the header and footer of all cert + first line of cert.

Not exactly whats requested, but should be ok for the purpose of hiding the cert, and works with multiple cert in same pem file and multiple length of cert.

Or this is more correct (no counting lines, only awk)

awk '/-----BEGIN/ {f=2} f-->0; /-----END/ {print "****************************************************************\n" p "\n" $0}  {p=$0}' etc/auth/server.pem
-----BEGIN CERTIFICATE-----
MII8MjCCAhoCCQDGQsEmfeBvJTANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJV
****************************************************************
WW/14Mz4
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIF8jBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIpS+A9Ql+5uUCAggA
****************************************************************
d9k=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MII8ejCCAmICCQCNHBN8tj/FwzANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJV
****************************************************************
ZZc1oaC0PKSzBmq+TpbR27B8Zra3gpoA+gavdRZj
-----END CERTIFICATE-----

awk '
  /-----BEGIN/ {f=2}
  f-->0; 
  /-----END/ {print "****************************************************************\n" p "\n" $0}
  {p=$0}
  ' etc/auth/server.pem

来源：https://stackoverflow.com/questions/59066326/how-can-i-mask-the-middle-line-of-a-pem-key-in-bash-script